CN114615046B - Administrator double-factor authentication method based on national secret certificate - Google Patents

Administrator double-factor authentication method based on national secret certificate Download PDF

Info

Publication number
CN114615046B
CN114615046B CN202210223946.9A CN202210223946A CN114615046B CN 114615046 B CN114615046 B CN 114615046B CN 202210223946 A CN202210223946 A CN 202210223946A CN 114615046 B CN114615046 B CN 114615046B
Authority
CN
China
Prior art keywords
administrator
encryption
certificate
equipment
security
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210223946.9A
Other languages
Chinese (zh)
Other versions
CN114615046A (en
Inventor
郭卫霞
车业蒙
崔冬
尚雄
邢博涵
黄冠杰
齐英俊
王路杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Inner Mongolia Datang International Tuoketuo Power Generation Co Ltd
China Datang Corp Science and Technology Research Institute Co Ltd
Original Assignee
Inner Mongolia Datang International Tuoketuo Power Generation Co Ltd
China Datang Corp Science and Technology Research Institute Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Inner Mongolia Datang International Tuoketuo Power Generation Co Ltd, China Datang Corp Science and Technology Research Institute Co Ltd filed Critical Inner Mongolia Datang International Tuoketuo Power Generation Co Ltd
Priority to CN202210223946.9A priority Critical patent/CN114615046B/en
Publication of CN114615046A publication Critical patent/CN114615046A/en
Application granted granted Critical
Publication of CN114615046B publication Critical patent/CN114615046B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements

Abstract

The invention relates to an administrator double-factor authentication method based on a national cryptographic certificate, which comprises the following steps: initializing equipment to generate a national encryption certificate, wherein the national encryption certificate comprises an encryption certificate CertB of the security encryption equipment and a signature certificate CertA of an administrator A; administrator a uses the national cryptographic certificate to log in to the secure encryption device: after the administrator A and the security encryption equipment B establish SSL connection, the administrator A sends a request to log in the security encryption equipment B; the secure encryption device B generates a random number R B and sends an encryption certificate CertB of the secure encryption device B to the administrator A; after receiving the encryption certificate CertB, the administrator A encrypts TokenAB, namely RA|| sSA; after receiving the encrypted TokenAB, the security encryption equipment B executes decryption, signature verification and user name and password consistency comparison operation. The invention realizes that an administrator logs in the security encryption equipment by using the national encryption certificate through the standard browser, thereby realizing double-factor authentication and improving the security intensity of the administrator logging in the equipment by using the national encryption certificate.

Description

Administrator double-factor authentication method based on national secret certificate
Technical Field
The invention relates to the technical field of information security, in particular to an administrator double-factor authentication method based on a national secret certificate.
Background
At the present time of cyber attack threat gain ground, to ensure security protection of its own network environment, a secure encryption device is one of the indispensable network devices. The security encryption device mainly acts as a protective barrier between the environment of the internal and external networks, so as to block the unsafe network factors of the computer, but the security encryption device is also an object of network attack.
Enterprises deploy secure encryption devices, and require full-time administrators to manage and configure the devices. The administrator logs into the secure encryption device, and in most cases authenticates using a username and password. The network attacker logs in the security encryption equipment through the password of the violent cracking administrator, and the tamper configuration is subjected to deeper damage. In order to enhance the security of the administrator authentication, a user name/password single authentication mode is not used any more, but a two-factor authentication mode is adopted. The two-factor authentication modes include certificate authentication, OTP token, short message authentication and the like.
An administrator logs in the security encryption equipment and adopts an HTTPS mode to encrypt and protect data by using an SSL protocol. The SSL protocol itself can perform certificate authentication, which is a way of two-factor authentication.
There are two ways of SSL certificate authentication: international certificate authentication and national secret certificate authentication. The international certificate authentication adopts an international protocol, and the authentication is completed by adopting an international algorithm in the SSL connection process. The national cipher certificate authentication adopts a national cipher protocol, and the SSL connection process adopts a set of standards of a national cipher algorithm (SM 1/SM2/SM3/SM 4).
The standard browser only supports SSL international protocol, supports SSL certificate authentication based on international certificates, does not support national-secret SSL protocol based on national-secret certificates, namely, the standard browser cannot support an administrator to log in the security encryption device by SSL double-factor authentication by using the national-secret certificates. The international certificate is usually RSA algorithm (2048 bits), the ECC algorithm is adopted at the current stage of the national encryption certificate, the ECC algorithm is issued by the national code administration in 2010 and is a public key cryptographic algorithm which is independently designed in China, the encryption strength of the international certificate is higher than that of the RSA algorithm (2048 bits) based on elliptic curve cryptography theory.
Disclosure of Invention
The invention aims to provide an administrator double-factor authentication method based on a national secret certificate, which realizes that an administrator logs in a security encryption device by using the national secret certificate through a standard browser, not only realizes double-factor authentication, but also improves the security intensity of the administrator logging in the device by using the national secret certificate.
The invention provides an administrator double-factor authentication method based on a national cryptographic certificate, which comprises the following steps:
Initializing equipment to generate a national encryption certificate, wherein the national encryption certificate comprises an encryption certificate CertB of the security encryption equipment and a signature certificate CertA of an administrator A;
The process of using the national cryptographic certificate to log in the security encryption device by the administrator A comprises the following steps:
Step 1, after an administrator A and a security encryption device B establish SSL connection, the administrator A sends a request to log in the security encryption device B;
Step 2, the secure encryption device B generates a random number R B and sends the encrypted certificate CertB of the secure encryption device B to the administrator a;
step 3, after receiving the encryption certificate CertB, the administrator a performs the following operations:
1) Generating a random number R A;
2) The manager A signs the random number R A, the random number R B, the user name and the password by using the manager signature certificate CertA to obtain sSA;
3) The administrator A encrypts TokenAB, namely RA sSA by using a public key in CertB encryption key pairs of the security encryption device B;
4) Sending the encrypted TokenAB to a secure encryption device B;
Step 4, after the secure encryption device B receives the encrypted TokenAB, the following operations are executed:
(1) The secure encryption equipment B decrypts TokenAB by using a private key of the encryption key pair to obtain RA| sSA;
(2) The security encryption equipment B signs and verifies the public key pair sSA by using the signing key of the administrator A stored in the equipment; successfully obtaining a random number R A, a random number R b, a user name and a password;
(3) The security encryption equipment B compares the obtained R A with the R A obtained in the signature verification, and simultaneously compares the R B generated by the security encryption equipment B with the R B obtained in the signature verification, if the R A is consistent with the R B obtained in the signature verification, the security encryption equipment B passes through the security encryption equipment, otherwise, the security encryption equipment B fails to report errors;
(4) The security encryption equipment B compares the user name and the password obtained in the signature verification with the user name and the password stored in the equipment in a consistency manner, if the user name and the password are consistent with the user name and the password, the login is successful, otherwise, the login is failed;
(5) The secure encryption apparatus B returns a login success/failure message to the administrator a.
Further, the method further comprises: after the login of the manager A is successful, the signature certificate of the manager is updated.
By means of the scheme, the administrator double-factor authentication method based on the national secret certificate has the following technical effects:
1) The manager uses the national secret certificate to carry out double-factor authentication and login to the security encryption equipment by relying on the international SSL protocol, the SSL connection still uses the international protocol, and the standard browser is supported to access the security encryption equipment by using the national secret certificate.
2) The administrator uses the national secret signature certificate, so that the integrity, counterfeiting prevention and non-repudiation of the authentication data of the administrator are ensured, the national secret signature certificate uses an ECC algorithm, and the encryption strength is higher than that of an RSA algorithm used by the international certificate.
The foregoing description is only an overview of the present invention, and is intended to provide a better understanding of the present invention, as it is embodied in the following description, with reference to the preferred embodiments of the present invention and the accompanying drawings.
Drawings
Fig. 1 is a flow chart of an administrator double factor authentication method based on a national cryptographic certificate of the present invention.
Detailed Description
The following describes in further detail the embodiments of the present invention with reference to the drawings and examples. The following examples are illustrative of the invention and are not intended to limit the scope of the invention.
Referring to fig. 1, the present embodiment provides a dual factor authentication method of an administrator based on a national cryptographic certificate,
Firstly, initializing equipment, namely generating a national encryption certificate, namely an encryption certificate CertB of a security encryption device and a signature certificate CertA of an administrator A, and the following flow of using the national encryption certificate to log in the security encryption device by the administrator A is as follows:
1. after the administrator a establishes SSL connection with the secure encryption device, the administrator a sends a request to log in the secure encryption device B.
2. The secure encryption device B generates a random number R B and sends the encrypted certificate CertB of the secure encryption device to the administrator a.
3. After receiving the information, the administrator a performs the following operations:
1) A random number R A is generated.
2) The administrator A signs the random number R A, the random number R B, the user name, the certificate CertA with the administrator,
Password, signature, and sSA.
3) Administrator a encrypts TokenAB, i.e., R A || sSA, with the public key of the CertB encryption key pair of secure encryption device B.
4) And sending the encrypted TokenAB to the secure encryption device B.
4. After the secure encryption apparatus B receives, the following operations are performed:
1) The secure encryption device B decrypts TokenAB with the private key of the encryption key pair to obtain R A | sSA.
2) The secure encryption device B signs the public key pair sSA with the administrator a's signing key stored in the device. The success will result in random number R A, random number R b, username, password.
3) The security encryption equipment B compares the obtained R A with the R A obtained in the signature verification, compares the R B generated by the security encryption equipment B with the R B obtained in the signature verification, and passes if the R A is consistent with the R B obtained in the signature verification, otherwise, fails to report errors.
4) And the security encryption equipment B compares the user name and the password obtained in the signature verification with the consistency stored in the equipment, if the user name and the password are consistent with the consistency stored in the equipment, the login is successful, and otherwise, the login is failed.
The secure encryption apparatus B returns a login success/failure message to the administrator a. After the login of the manager A is successful, the signature certificate of the manager can be updated.
The administrator double-factor authentication method based on the national secret certificate has the following technical effects:
1) The manager uses the national secret certificate to carry out double-factor authentication and login to the security encryption equipment by relying on the international SSL protocol, the SSL connection still uses the international protocol, and the standard browser is supported to access the security encryption equipment by using the national secret certificate.
2) The administrator uses the national secret signature certificate, so that the integrity, counterfeiting prevention and non-repudiation of the authentication data of the administrator are ensured, the national secret signature certificate uses an ECC algorithm, and the encryption strength is higher than that of an RSA algorithm used by the international certificate.
The above description is only of the preferred embodiments of the present invention and is not intended to limit the present invention, and it should be noted that it is possible for those skilled in the art to make several improvements and modifications without departing from the technical principle of the present invention, and these improvements and modifications should also be regarded as the protection scope of the present invention.

Claims (2)

1. The administrator double-factor authentication method based on the national cryptographic certificate is characterized by comprising the following steps of:
Initializing equipment to generate a national encryption certificate, wherein the national encryption certificate comprises an encryption certificate CertB of the security encryption equipment and a signature certificate CertA of an administrator A;
The process of using the national cryptographic certificate to log in the security encryption device by the administrator A comprises the following steps:
Step 1, after an administrator A and a security encryption device B establish SSL connection, the administrator A sends a request to log in the security encryption device B;
Step 2, the secure encryption device B generates a random number R B and sends the encrypted certificate CertB of the secure encryption device B to the administrator a;
step 3, after receiving the encryption certificate CertB, the administrator a performs the following operations:
1) Generating a random number R A;
2) The manager A signs the random number R A, the random number R B, the user name and the password by using the manager signature certificate CertA to obtain sSA;
3) The administrator A encrypts TokenAB, namely RA sSA by using a public key in CertB encryption key pairs of the security encryption device B;
4) Sending the encrypted TokenAB to a secure encryption device B;
Step 4, after the secure encryption device B receives the encrypted TokenAB, the following operations are executed:
(1) The secure encryption equipment B decrypts TokenAB by using a private key of the encryption key pair to obtain RA| sSA;
(2) The security encryption equipment B signs and verifies the public key pair sSA by using the signing key of the administrator A stored in the equipment; successfully obtaining a random number R A, a random number R b, a user name and a password;
(3) The security encryption equipment B compares the obtained R A with the R A obtained in the signature verification, and simultaneously compares the R B generated by the security encryption equipment B with the R B obtained in the signature verification, if the R A is consistent with the R B obtained in the signature verification, the security encryption equipment B passes through the security encryption equipment, otherwise, the security encryption equipment B fails to report errors;
(4) The security encryption equipment B compares the user name and the password obtained in the signature verification with the user name and the password stored in the equipment in a consistency manner, if the user name and the password are consistent with the user name and the password, the login is successful, otherwise, the login is failed;
(5) The secure encryption apparatus B returns a login success/failure message to the administrator a.
2. The national cryptographic certificate-based administrator two-factor authentication method of claim 1, further comprising: after the login of the manager A is successful, the signature certificate of the manager is updated.
CN202210223946.9A 2022-03-07 2022-03-07 Administrator double-factor authentication method based on national secret certificate Active CN114615046B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210223946.9A CN114615046B (en) 2022-03-07 2022-03-07 Administrator double-factor authentication method based on national secret certificate

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210223946.9A CN114615046B (en) 2022-03-07 2022-03-07 Administrator double-factor authentication method based on national secret certificate

Publications (2)

Publication Number Publication Date
CN114615046A CN114615046A (en) 2022-06-10
CN114615046B true CN114615046B (en) 2024-04-30

Family

ID=81860788

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210223946.9A Active CN114615046B (en) 2022-03-07 2022-03-07 Administrator double-factor authentication method based on national secret certificate

Country Status (1)

Country Link
CN (1) CN114615046B (en)

Citations (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101115060A (en) * 2007-08-09 2008-01-30 上海格尔软件股份有限公司 Method for protecting user encryption key in asymmetric cipher key transmitting process of user key management system
WO2009143713A1 (en) * 2008-05-28 2009-12-03 北京易恒信认证科技有限公司 Two-factor combined public key generation and authentication method
CN102036238A (en) * 2010-12-27 2011-04-27 中国科学院软件研究所 Method for realizing user and network authentication and key distribution based on public key
CN102710605A (en) * 2012-05-08 2012-10-03 重庆大学 Information security management and control method under cloud manufacturing environment
CN103391194A (en) * 2012-05-10 2013-11-13 航天信息股份有限公司 Method and system for unlocking safety equipment of user
CN104901935A (en) * 2014-09-26 2015-09-09 易兴旺 Bilateral authentication and data interaction security protection method based on CPK (Combined Public Key Cryptosystem)
WO2015158172A1 (en) * 2014-04-18 2015-10-22 天地融科技股份有限公司 User identity identification card
CN109361681A (en) * 2018-11-12 2019-02-19 北京天融信网络安全技术有限公司 The close certificate authentication method of state, device and equipment
CN110650160A (en) * 2019-10-29 2020-01-03 北京天威诚信电子商务服务有限公司 Identity authentication method and system
CN110708304A (en) * 2019-09-27 2020-01-17 苏州浪潮智能科技有限公司 Information processing method and device
CA3050487A1 (en) * 2018-07-24 2020-01-24 Royal Bank Of Canada System and method for storing and distributing consumer information
CN112235235A (en) * 2020-08-28 2021-01-15 中国大唐集团科学技术研究院有限公司 SDP authentication protocol implementation method based on state cryptographic algorithm
CN113987537A (en) * 2021-10-28 2022-01-28 中国电影科学技术研究所 KDM manufacturing method and system based on cryptographic algorithm
CN113992702A (en) * 2021-09-16 2022-01-28 深圳市证通电子股份有限公司 Storage state encryption reinforcing method and system for ceph distributed file system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101640593B (en) * 2009-08-28 2011-11-02 西安西电捷通无线网络通信股份有限公司 Entity two-way identification method of introducing the online third party

Patent Citations (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101115060A (en) * 2007-08-09 2008-01-30 上海格尔软件股份有限公司 Method for protecting user encryption key in asymmetric cipher key transmitting process of user key management system
WO2009143713A1 (en) * 2008-05-28 2009-12-03 北京易恒信认证科技有限公司 Two-factor combined public key generation and authentication method
CN102036238A (en) * 2010-12-27 2011-04-27 中国科学院软件研究所 Method for realizing user and network authentication and key distribution based on public key
CN102710605A (en) * 2012-05-08 2012-10-03 重庆大学 Information security management and control method under cloud manufacturing environment
CN103391194A (en) * 2012-05-10 2013-11-13 航天信息股份有限公司 Method and system for unlocking safety equipment of user
WO2015158172A1 (en) * 2014-04-18 2015-10-22 天地融科技股份有限公司 User identity identification card
CN104901935A (en) * 2014-09-26 2015-09-09 易兴旺 Bilateral authentication and data interaction security protection method based on CPK (Combined Public Key Cryptosystem)
CA3050487A1 (en) * 2018-07-24 2020-01-24 Royal Bank Of Canada System and method for storing and distributing consumer information
CN109361681A (en) * 2018-11-12 2019-02-19 北京天融信网络安全技术有限公司 The close certificate authentication method of state, device and equipment
CN110708304A (en) * 2019-09-27 2020-01-17 苏州浪潮智能科技有限公司 Information processing method and device
CN110650160A (en) * 2019-10-29 2020-01-03 北京天威诚信电子商务服务有限公司 Identity authentication method and system
CN112235235A (en) * 2020-08-28 2021-01-15 中国大唐集团科学技术研究院有限公司 SDP authentication protocol implementation method based on state cryptographic algorithm
CN113992702A (en) * 2021-09-16 2022-01-28 深圳市证通电子股份有限公司 Storage state encryption reinforcing method and system for ceph distributed file system
CN113987537A (en) * 2021-10-28 2022-01-28 中国电影科学技术研究所 KDM manufacturing method and system based on cryptographic algorithm

Non-Patent Citations (7)

* Cited by examiner, † Cited by third party
Title
Key-Based Cookie-Less Session Management Framework for Application Layer Security;Zahoor Ahmed Alizai等;《 IEEE Access ( Volume: 7)》;20190911;全文 *
基于SSL证书认证登录的研究与实现;陈木来;;电脑与电信;20151210(第12期);全文 *
基于改进Kerberos认证协议的远程访问VPN密码系统研究;何伟;《博士电子期刊出版信息》;20030315;全文 *
基于数字证书企业应用单点登录的研究与实现;汪海明;;计算机安全;20100315(第03期);全文 *
基于短群签名的密钥交换协议设计;孙钰;韩庆同;刘建伟;;计算机研究与发展;20121215(第12期);全文 *
安全操作系统中证书认证模型的设计与实现;崔永祯, 卿斯汉, 高微;计算机应用与软件;20050412(第04期);全文 *
电子商务网站的安全防范技术;郭卫霞, 胡雪梅;山西电子技术;20051231(第01期);全文 *

Also Published As

Publication number Publication date
CN114615046A (en) 2022-06-10

Similar Documents

Publication Publication Date Title
WO2020087805A1 (en) Trusted authentication method employing two cryptographic values and chaotic encryption in measurement and control network
Dacosta et al. Trust no one else: Detecting MITM attacks against SSL/TLS without third-parties
US8800018B2 (en) Method and system for verifying user instructions
US7793340B2 (en) Cryptographic binding of authentication schemes
JP4842831B2 (en) Certificate-protected dynamic provisioning
US8130961B2 (en) Method and system for client-server mutual authentication using event-based OTP
US7840993B2 (en) Protecting one-time-passwords against man-in-the-middle attacks
JP5845393B2 (en) Cryptographic communication apparatus and cryptographic communication system
CN111740844A (en) SSL communication method and device based on hardware cryptographic algorithm
US20020073322A1 (en) Countermeasure against denial-of-service attack on authentication protocols using public key encryption
US20030204724A1 (en) Methods for remotely changing a communications password
JP2007511167A5 (en)
CN103763356A (en) Establishment method, device and system for connection of secure sockets layers
Hlauschek et al. Prying Open Pandora's Box:{KCI} Attacks against {TLS}
Han et al. A survey on MITM and its countermeasures in the TLS handshake protocol
Tschofenig et al. The extensible authentication protocol-Internet key exchange protocol version 2 (EAP-IKEv2) method
CN108551391B (en) Authentication method based on USB-key
CN114615046B (en) Administrator double-factor authentication method based on national secret certificate
Simon et al. IEEE 802.11 security and 802.1 X
Zhou et al. Tunnel Extensible Authentication Protocol (TEAP) Version 1
Thuc et al. A Sofware Solution for Defending Against Man-in-the-Middle Attacks on Wlan
CN115208696B (en) Remote communication method and device for substation telecontrol device
Bozkurt et al. Exploring the Vulnerabilities and Countermeasures of SSL/TLS Protocols in Secure Data Transmission Over Computer Networks
CN117749393B (en) SSLVPN user identity verification method and system based on collaborative signature
Wussler Mitigating TLS compromise with ECDHE and SRP

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant